Uhm, could you please try the single patch from the other mail on 7.0? We are 
probably not going to syspatch to a new nsd version in 7.0.

On 20 October 2021 21:18:17 CEST, Mischa Peters <[email protected]> wrote:
>Hi Florian,
>
>Great stuff!
>Applied both patches and NSD has been running without crashing since 
>20:47 CEST.
>
>Oct 20 20:47:19 name2 nsd[62305]: nsd starting (NSD 4.3.8)
>Oct 20 20:47:19 name2 nsd[37128]: nsd started (NSD 4.3.8), pid 31864
>Oct 20 20:47:30 name2 /bsd: carp24: state transition: BACKUP -> MASTER
>Oct 20 20:47:46 name2 /bsd: carp23: state transition: BACKUP -> MASTER
>
>Thanx a lot for the quick patches!!
>
>Mischa
>
>On 2021-10-20 18:27, Florian Obser wrote:
>> On 2021-10-20 18:24 +02, Florian Obser <[email protected]> wrote:
>>> +4.3.8
>>> +================
>>> +FEATURES:
>>> +   - Set default for answer-cookie to no. Because in server deployments
>>> +     with mixed server software, a default of yes causes issues.
>> 
>> sthen and me think that we shouldn't flip-flop between cookie on and
>> cookie off since we shipped the cookie on default in 7.0.
>> 
>> This is on top of the 4.3.8 diff and reverts that behaviour to cookie 
>> on
>> as we have in 7.0.
>> 
>> OK?
>> 
>> diff --git nsd.conf.5.in nsd.conf.5.in
>> index 4ee4b1292f9..9ae376f288c 100644
>> --- nsd.conf.5.in
>> +++ nsd.conf.5.in
>> @@ -494,7 +494,7 @@ With the value 0 the rate is unlimited.
>>  .TP
>>  .B answer\-cookie:\fR <yes or no>
>>  Enable to answer to requests containig DNS Cookies as specified in 
>> RFC7873.
>> -Default is no.
>> +Default is yes.
>>  .TP
>>  .B cookie\-secret:\fR <128 bit hex string>
>>  Servers in an anycast deployment need to be able to  verify  each 
>> other's DNS
>> diff --git options.c options.c
>> index 6411959e8c6..d8fe022b412 100644
>> --- options.c
>> +++ options.c
>> @@ -131,7 +131,7 @@ nsd_options_create(region_type* region)
>>      opt->tls_service_pem = NULL;
>>      opt->tls_port = TLS_PORT;
>>      opt->tls_cert_bundle = NULL;
>> -    opt->answer_cookie = 0;
>> +    opt->answer_cookie = 1;
>>      opt->cookie_secret = NULL;
>>      opt->cookie_secret_file = CONFIGDIR"/nsd_cookiesecrets.txt";
>>      opt->control_enable = 0;
>

-- 
Sent from a mobile device. Please excuse poor formatting.

Reply via email to